To allow traffic on ports 80 and 443, you must configure the associated security group and network access control list (network ACL).

Security group rules

For HTTP traffic, add an inbound rule on port 80 from the source address 0.0.0.0/0. For HTTPS traffic, add an inbound rule on port 443 from the source address 0.0.0.0/0. These inbound rules allow traffic from IPv4 addresses. To allow IPv6 traffic, add inbound rules on the same ports from the source address ::/0. For more information on creating or modifying security groups, see Working with Security Groups.

Because security groups are stateful, the return traffic from the instance to users is allowed automatically, so you don't need to modify the security group's outbound rules.

The following example shows the security group rules for allowing both IPv4 and IPv6 traffic on ports 80 and 443:

Inbound rules

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 |
| HTTP (80) | TCP (6) | 80 | ::/0 |
| HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 |
| HTTPS (443) | TCP (6) | 443 | ::/0 |

Network ACL

The default network ACL allows all inbound and outbound traffic. If you use a custom network ACL with more restrictive rules, then explicitly allow traffic on ports 80 and 443. Network ACLs are stateless, so add both inbound and outbound rules to enable the connection to your website. For more information on modifying network ACL rules, see Network ACLs.

The following example shows a custom network ACL that allows traffic on ports 80 and 443:

Inbound rules

| Rule # | Type | Protocol | Port Range | Source | Allow/Deny |
|---|---|---|---|---|---|
| 100 | HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | ALLOW |
| 101 | HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | ALLOW |
| 102 | HTTP (80) | TCP (6) | 80 | ::/0 | ALLOW |
| 103 | HTTPS (443) | TCP (6) | 443 | ::/0 | ALLOW |
| * | ALL Traffic | ALL | ALL | ::/0 | DENY |
| * | ALL Traffic | ALL | ALL | 0.0.0.0/0 | DENY |

Outbound rules

| Rule # | Type | Protocol | Port Range | Destination | Allow/Deny |
|---|---|---|---|---|---|
| 100 | Custom TCP Rule | TCP (6) | 1024-65535 | 0.0.0.0/0 | ALLOW |
| 101 | Custom TCP Rule | TCP (6) | 1024-65535 | ::/0 | ALLOW |
| * | ALL Traffic | ALL | ALL | ::/0 | DENY |
| * | ALL Traffic | ALL | ALL | 0.0.0.0/0 | DENY |

Note: When the previous security group and network ACL example configurations are used together, all internet users can connect to the website. If the website owner or administrator wants to access other websites from the EC2 instance, then the following configurations must be allowed: